The United States Government has a couple of standards that provide a benchmark for implementing cryptographic software.
- Federal Information Processing Standard 140-1 (FIPS 140-1), which was published in January 1994 and is superseded by...
- Federal Information Processing Standard 140-2 (FIPS 140-2), which was published in May 2001.
To enable FIPS compliant algorithms in Windows 2003:
- In Control Panel, double-click Administrative Tools.
- In Administrative Tools, double-click Local Security Policy.
- In Local Security Policy, expand Local Policies, expand Security Options, and then double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing.
- In the System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing Properties dialog box, click the Local Security Setting tab.
- On the Local Security Setting tab, click Enabled, and then click OK.
- Close Local Security Policy.
If you enable these algorithms, however, you cannot send messages by using MSMQ over HTTPS. This is because, by default, a Secure Sockets Layer (SSL) 3.0 connection is established, but SSL 3.0 is not FIPS compliant.
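To confirm which protocol version an HTTPS endpoint actually negotiated, read the version field of the ServerHello in a packet capture. The Python below is an added example, not part of the original post; the function names and sample records are constructed for illustration. It checks the protocol version only, and treating TLS 1.0 or later as passing is an assumption, since the post states only that SSL 3.0 is not FIPS compliant.

```python
import struct

# Record-layer and handshake constants shared by SSL 3.0 and TLS
HANDSHAKE = 0x16
SERVER_HELLO = 0x02
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2 or later"}


def negotiated_version(record: bytes):
    """Return (major, minor) from the ServerHello carried in one record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rmaj, _rmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) < rlen or len(body) < 6:
        raise ValueError("truncated handshake record")
    if body[0] != SERVER_HELLO:
        raise ValueError("first handshake message is not a ServerHello")
    # body[1:4] is the 24-bit message length; server_version follows it
    return body[4], body[5]


def fips_check(record: bytes):
    """Return (version name, ok); ok is False for SSL 3.0.

    Assumption: TLS 1.0 or later passes. Cipher suites are not examined.
    """
    ver = negotiated_version(record)
    name = VERSIONS.get(ver, "unknown %d.%d" % ver)
    return name, ver >= (3, 1)


def sample_server_hello(major: int, minor: int) -> bytes:
    """Constructed ServerHello record: zeroed random, empty session id."""
    hello = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x0a" + b"\x00"
    msg = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", HANDSHAKE, major, minor, len(msg)) + msg


if __name__ == "__main__":
    for ver in [(3, 0), (3, 1)]:
        name, ok = fips_check(sample_server_hello(*ver))
        print(name, "passes version check" if ok else "is not FIPS compliant")
```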
Back in April, a hotfix was produced to get round this as discussed in: